From 3e62b64cc26131db5c468456e85a5a49f338cfcf Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Fri, 27 May 2011 17:13:24 -0600 Subject: [PATCH 1/8] Remove spurious include --- puniq.c | 1 - 1 file changed, 1 deletion(-) diff --git a/puniq.c b/puniq.c index 0a5f767..6e7ff21 100644 --- a/puniq.c +++ b/puniq.c @@ -1,5 +1,4 @@ #include -#include #include #include #include "pcap.h" From 4c6bac000f9283f07c2990465d99a8ffcf521b4c Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 14 Jul 2011 18:55:41 -0600 Subject: [PATCH 2/8] add p4split utility --- Makefile | 5 +- p4split.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ pcap.c | 2 + pmerge.c | 8 ++-- 4 files changed, 143 insertions(+), 6 deletions(-) create mode 100644 p4split.c diff --git a/Makefile b/Makefile index e7dffcb..47c9095 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,11 @@ CFLAGS = -Wall -Werror -TARGETS = pmerge puniq +TARGETS = pmerge puniq p4split all: $(TARGETS) pmerge: pmerge.o pcap.o puniq: puniq.o pcap.o +p4split: p4split.c pcap.o clean: - rm -f $(TARGETS) + rm -f $(TARGETS) *.o diff --git a/p4split.c b/p4split.c new file mode 100644 index 0000000..3ba2e64 --- /dev/null +++ b/p4split.c 
@@ -0,0 +1,134 @@ +#include +#include +#include +#include +#include +#include "pcap.h" + +/* Gaah so much crap */ +#include +#include +#include +#include +#include + + +int +usage(int ret) +{ + fprintf(stderr, "Usage: pip4split CIDR\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Splits pcap on stdin into up to 256 files, based on CIDR.\n"); + return ret; +} + + +int +parse_cidr(char *s, uint32_t *addr, uint8_t *bits) +{ + char *slash = index(s, '/'); + struct in_addr inp; + + if (slash) { + *slash = 0; + *bits = atoi(slash + 1); + } else { + *bits = 0; + } + + if (0 == inet_aton(s, &inp)) return -1; + *addr = ntohl(inp.s_addr); + + return 0; +} + + +int +main(int argc, char *argv[]) +{ + struct pcap_file p; + struct pcap_file out[256]; + int ok = 0; + uint32_t addr; + uint32_t mask; + uint8_t bits; + uint8_t shr; + int i; + + if (argc != 2) return usage(0); + if (-1 == parse_cidr(argv[1], &addr, &bits)) return usage(0); + if (bits > 24) return usage(0); + if (bits % 8) { + fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n"); + } + + mask = ~((1 << (32 - bits)) - 1); + addr &= mask; + shr = bits - 8; + + for (i = 0; i < 256; i += 1) { + out[i].f = NULL; + } + + if (-1 == pcap_open_in(&p, stdin)) return usage(0); + + while (1) { + struct pcap_pkthdr hdr; + uint8_t octet; + char frame[MAXFRAME]; + + ok = 1; + if (-1 == pcap_read_pkthdr(&p, &hdr)) break; + if (1 != fread(frame, hdr.caplen, 1, p.f)) break; + + + { + struct ether_header *eh = (struct ether_header *)frame; + struct iphdr *ih = (struct iphdr *)(frame + sizeof(struct ether_header)); + uint32_t a; + + /* VLAN tag */ + if (ntohs(eh->ether_type) == 0x8100) { + ih = (struct iphdr *)((char *)ih + 4); + } + + a = ntohl(ih->saddr); + if ((a & mask) != addr) { + a = ntohl(ih->daddr); + if ((a & mask) != addr) { + fprintf(stderr, "Warning: dropping unmatched packet %08x -> %08x\n", + ntohl(ih->saddr), ntohl(ih->daddr)); + continue; + } + } + octet = (a & ~mask) >> shr; + } + + ok = 0; + if (! 
out[octet].f) { + char fn[9]; + FILE *f; + + sfprintf(stderr, fn, "%03d.pcap", octet); + + if (NULL == (f = fopen(fn, "wb"))) break; + if (-1 == pcap_open_out(&out[octet], f)) break; + } + + if (-1 == pcap_write_pkthdr(&out[octet], &hdr)) break; + if (1 != fwrite(frame, hdr.caplen, 1, out[octet].f)) break; + } + + if (! ok) { + perror("Error"); + return 1; + } + + for (i = 0; i < 256; i += 1) { + if (out[i].f) { + pcap_close(&p); + } + } + + return 0; +} diff --git a/pcap.c b/pcap.c index e3e6ae9..1eb7309 100644 --- a/pcap.c +++ b/pcap.c @@ -54,6 +54,8 @@ pcap_read_pkthdr(struct pcap_file *ctx, struct pcap_pkthdr *hdr) hdr->len = bswap32(hdr->len); } + if (hdr->caplen > MAXFRAME) return -1; + return 0; } diff --git a/pmerge.c b/pmerge.c index 94c0c13..6c0d71d 100644 --- a/pmerge.c +++ b/pmerge.c @@ -12,9 +12,9 @@ struct input_file { int usage(int ret) { - printf("Usage: pmerge FILE ...\n"); - printf("\n"); - printf("Merges pcap files, outputting time-ordered pcap stream\n"); + fprintf(stderr, "Usage: pmerge FILE ...\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Merges pcap files, outputting time-ordered pcap stream\n"); return ret; } @@ -93,7 +93,7 @@ main(int argc, char *argv[]) /* Make sure it'll fit */ if (cur->next.caplen > sizeof(frame)) { - fprintf(stderr, "error: huge frame (size %u)\n", len); + fprintf(stderr, "error: huge frame (size %u)\n", (unsigned int)len); return EX_SOFTWARE; } From 0a077184e365237a749176842f626137e6eb886b Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 14 Jul 2011 18:59:03 -0600 Subject: [PATCH 3/8] typo in p4split help --- p4split.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p4split.c b/p4split.c index 3ba2e64..b40eace 100644 --- a/p4split.c +++ b/p4split.c @@ -16,7 +16,7 @@ int usage(int ret) { - fprintf(stderr, "Usage: pip4split CIDR\n"); + fprintf(stderr, "Usage: p4split CIDR\n"); fprintf(stderr, "\n"); fprintf(stderr, "Splits pcap on stdin into up to 256 files, based on CIDR.\n"); return ret; 
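Review bot: In the packet loop of `main` in the new p4split.c (PATCH 2/8), `ih->saddr` and `ih->daddr` are read without checking that `hdr.caplen` covers the Ethernet header, the optional 4-byte VLAN tag and a full `struct iphdr`, and without checking that the EtherType is IPv4. A truncated or non-IP frame is therefore classified from whatever bytes are already in `frame`. After the VLAN adjustment I would add `if (hdr.caplen < (size_t)((char *)ih - frame) + sizeof(struct iphdr)) continue;` and skip frames whose EtherType (after the tag, if any) is not 0x0800. Separately, the cleanup loop at the end of `main` calls `pcap_close(&p)` once per open output where `pcap_close(&out[i])` looks intended, so the input is closed repeatedly and the outputs are never closed explicitly.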
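Review bot: The new `caplen > MAXFRAME` rejection in `pcap_read_pkthdr` (pcap.c, PATCH 2/8) returns -1, which is presumably also what the function returns at end of input, so callers cannot tell a corrupt record header from EOF. In p4split.c's loop `ok` is still 1 at that `break`, so a capture with one oversized `caplen` ends the split early and the program exits 0. A distinct return value for a malformed header, or at least `fprintf(stderr, "error: caplen %u exceeds MAXFRAME\n", (unsigned int)hdr->caplen);` before the return, would make the truncation visible. The check is what keeps the callers' `fread(frame, hdr.caplen, 1, ...)` inside `frame[MAXFRAME]`, so it also deserves a comment such as `/* callers read caplen bytes into a MAXFRAME buffer */`; the function body starts outside the hunk.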
From b98a4ef5e89016d3e3b0f9440fa0242a1d1ad7ef Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 14 Jul 2011 19:08:00 -0600 Subject: [PATCH 4/8] Fix bits bug + overzealous replace --- p4split.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/p4split.c b/p4split.c index b40eace..73e64e9 100644 --- a/p4split.c +++ b/p4split.c @@ -62,9 +62,9 @@ main(int argc, char *argv[]) fprintf(stderr, "Warning: routing prefix is not a multiple of 8.\n"); } - mask = ~((1 << (32 - bits)) - 1); + mask = ~((1 << (32-bits)) - 1); addr &= mask; - shr = bits - 8; + shr = (32-bits) - 8; for (i = 0; i < 256; i += 1) { out[i].f = NULL; @@ -109,7 +109,7 @@ main(int argc, char *argv[]) char fn[9]; FILE *f; - sfprintf(stderr, fn, "%03d.pcap", octet); + sprintf(fn, "%03d.pcap", octet); if (NULL == (f = fopen(fn, "wb"))) break; if (-1 == pcap_open_out(&out[octet], f)) break; From 9a8ccef36cdb8cf3f6a6b229be70ff03b78e86ab Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 14 Jul 2011 19:13:06 -0600 Subject: [PATCH 5/8] 03d was nice for sorting, but bad for inet_aton --- p4split.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p4split.c b/p4split.c index 73e64e9..4689688 100644 --- a/p4split.c +++ b/p4split.c @@ -109,7 +109,7 @@ main(int argc, char *argv[]) char fn[9]; FILE *f; - sprintf(fn, "%03d.pcap", octet); + sprintf(fn, "%d.pcap", octet); if (NULL == (f = fopen(fn, "wb"))) break; if (-1 == pcap_open_out(&out[octet], f)) break; From 8c61f6d9cca42e20a389681b3eb714e97a4e46c0 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Mon, 18 Jul 2011 09:07:14 -0600 Subject: [PATCH 6/8] Add hex dump tool --- Makefile | 2 +- hd.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 hd.c diff --git a/Makefile b/Makefile index 47c9095..4ce1035 100644 --- a/Makefile +++ b/Makefile 
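Review bot: The rewritten `mask` line in the first hunk of PATCH 4/8 (p4split.c) still shifts a signed `int` by `32 - bits`. That is undefined when `bits` is 0, the value `parse_cidr` stores when the argument has no `/`, and it overflows when `bits` is 1. Computing the mask in the unsigned type avoids both: `mask = bits ? ~(uint32_t)0 << (32 - bits) : 0;`. `bits` itself comes from `atoi()` stored into a `uint8_t`, so an input such as `/256` wraps to 0 and passes the `bits > 24` check; parsing with `strtoul` and rejecting out-of-range values in `parse_cidr` would close that. `main` starts and ends outside the hunk.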
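Review bot: `sprintf(fn, "%03d.pcap", octet)` in the second hunk of PATCH 4/8 writes into `char fn[9]`, which holds "255.pcap" plus the terminator with no slack, so any later change to the format or to the type of `octet` overflows the stack buffer silently. `snprintf(fn, sizeof fn, "%03d.pcap", octet);` keeps the write bounded, and the same applies to the `"%d.pcap"` form introduced in PATCH 5/8. In the unchanged lines that follow, `f` is leaked if `pcap_open_out` fails, and `fopen(fn, "wb")` truncates any existing file of that name in the working directory.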
@@ -1,5 +1,5 @@ CFLAGS = -Wall -Werror -TARGETS = pmerge puniq p4split +TARGETS = pmerge puniq p4split hd all: $(TARGETS) diff --git a/hd.c b/hd.c new file mode 100644 index 0000000..2ce527d --- /dev/null +++ b/hd.c 
@@ -0,0 +1,112 @@ +#include +#include +#include + +const char* charset[] = { + "␀", "☺", "☻", "♥", "♦", "♣", "♠", "•", + "◘", "○", "◙", "♂", "♀", "♪", "♫", "☼", + "►", "◄", "↕", "‼", "¶", "§", "▬", "↨", + "↑", "↓", "→", "←", "∟", "↔", "▲", "▼", + " ", "!", "\"", "#", "$", "%", "&", "'", + "(", ")", "*", "+", ",", "-", ".", "/", + "0", "1", "2", "3", "4", "5", "6", "7", + "8", "9", ":", ";", "<", "=", ">", "?", + "@", "A", "B", "C", "D", "E", "F", "G", + "H", "I", "J", "K", "L", "M", "N", "O", + "P", "Q", "R", "S", "T", "U", "V", "W", + "X", "Y", "Z", "[", "\\", "]", "^", "_", + "`", "a", "b", "c", "d", "e", "f", "g", + "h", "i", "j", "k", "l", "m", "n", "o", + "p", "q", "r", "s", "t", "u", "v", "w", + "x", "y", "z", "{", "|", "}", "~", "⌂", + "Ç", "ü", "é", "â", "ä", "à", "å", "ç", + "ê", "ë", "è", "ï", "î", "ì", "Ä", "Å", + "É", "æ", "Æ", "ô", "ö", "ò", "û", "ù", + "ÿ", "Ö", "Ü", "¢", "£", "¥", "₧", "ƒ", + "á", "í", "ó", "ú", "ñ", "Ñ", "ª", "º", + "¿", "⌐", "¬", "½", "¼", "¡", "«", "»", + "░", "▒", "▓", "│", "┤", "╡", "╢", "╖", + "╕", "╣", "║", "╗", "╝", "╜", "╛", "┐", + "└", "┴", "┬", "├", "─", "┼", "╞", "╟", + "╚", "╔", "╩", "╦", "╠", "═", "╬", "╧", + "╨", "╤", "╥", "╙", "╘", "╒", "╓", "╫", + "╪", "┘", "┌", "█", "▄", "▌", "▐", "▀", + "α", "ß", "Γ", "π", "Σ", "σ", "µ", "τ", + "Φ", "Θ", "Ω", "δ", "∞", "φ", "ε", "∩", + "≡", "±", "≥", "≤", "⌠", "⌡", "÷", "≈", + "°", "∙", "·", "√", "ⁿ", "²", "■", "¤", +}; + +int +dump(FILE *f) +{ + uint64_t p = 0; + uint8_t buf[32]; + int offset = 0; + int skipping = 0; + + while (!feof(f)) { + uint8_t *bytes = buf + offset; + size_t len; + int i; + + offset = 16 - offset; + + len = fread(bytes, 1, 16, f); + if (0 == len) break; + + if (p && (0 == memcmp(buf, buf + 16, 16))) { + if (! 
skipping) { + printf("*\n"); + skipping = 1; + } + p += 16; + continue; + } + + printf("%08lx ", (long unsigned int)p); + for (i = 0; i < 16; i += 1) { + if (i < len) { + printf("%02x ", bytes[i]); + } else { + printf(" "); + } + if (7 == i) { + printf(" "); + } + } + printf(" ┆"); + for (i = 0; i < len; i += 1) { + printf("%s", charset[bytes[i]]); + } + if (-1 == printf("┆\n")) { + perror("printf"); + return 1; + } + p += len; + } + printf("%08lx\n", (long unsigned int)p); + + return 0; +} + +int +main(int argc, char *argv[]) +{ + if (1 == argc) { + dump(stdin); + } else { + FILE *f = fopen(argv[1], "rb"); + + if (! f) { + perror("open"); + return 1; + } + + dump(f); + } + + return 0; +} + + From 1074de0a15959f533be8f39ba20eec19baa128e5 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Wed, 27 Jul 2011 14:26:34 -0600 Subject: [PATCH 7/8] updated character map --- hd.c | 48 ++++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 32 deletions(-) diff --git a/hd.c b/hd.c index 2ce527d..25174b1 100644 --- a/hd.c +++ b/hd.c 
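Review bot: In `dump` (hd.c, PATCH 6/8) the duplicate-line test `memcmp(buf, buf + 16, 16)` runs even when `fread` returned fewer than 16 bytes, so a short final read is compared together with bytes left in that half of `buf` from two reads earlier. When those bytes match the previous line, the tail of the file is collapsed into `*` and `p += 16` overstates the final offset. Restricting the test to full lines fixes it: `if (p && 16 == len && 0 == memcmp(buf, buf + 16, 16)) {`. PATCH 8/8 touches the same branch and leaves this condition as it is. `main` also discards `dump`'s return value, so a failed write still exits 0.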
@@ -3,38 +3,22 @@ #include const char* charset[] = { - "␀", "☺", "☻", "♥", "♦", "♣", "♠", "•", - "◘", "○", "◙", "♂", "♀", "♪", "♫", "☼", - "►", "◄", "↕", "‼", "¶", "§", "▬", "↨", - "↑", "↓", "→", "←", "∟", "↔", "▲", "▼", - " ", "!", "\"", "#", "$", "%", "&", "'", - "(", ")", "*", "+", ",", "-", ".", "/", - "0", "1", "2", "3", "4", "5", "6", "7", - "8", "9", ":", ";", "<", "=", ">", "?", - "@", "A", "B", "C", "D", "E", "F", "G", - "H", "I", "J", "K", "L", "M", "N", "O", - "P", "Q", "R", "S", "T", "U", "V", "W", - "X", "Y", "Z", "[", "\\", "]", "^", "_", - "`", "a", "b", "c", "d", "e", "f", "g", - "h", "i", "j", "k", "l", "m", "n", "o", - "p", "q", "r", "s", "t", "u", "v", "w", - "x", "y", "z", "{", "|", "}", "~", "⌂", - "Ç", "ü", "é", "â", "ä", "à", "å", "ç", - "ê", "ë", "è", "ï", "î", "ì", "Ä", "Å", - "É", "æ", "Æ", "ô", "ö", "ò", "û", "ù", - "ÿ", "Ö", "Ü", "¢", "£", "¥", "₧", "ƒ", - "á", "í", "ó", "ú", "ñ", "Ñ", "ª", "º", - "¿", "⌐", "¬", "½", "¼", "¡", "«", "»", - "░", "▒", "▓", "│", "┤", "╡", "╢", "╖", - "╕", "╣", "║", "╗", "╝", "╜", "╛", "┐", - "└", "┴", "┬", "├", "─", "┼", "╞", "╟", - "╚", "╔", "╩", "╦", "╠", "═", "╬", "╧", - "╨", "╤", "╥", "╙", "╘", "╒", "╓", "╫", - "╪", "┘", "┌", "█", "▄", "▌", "▐", "▀", - "α", "ß", "Γ", "π", "Σ", "σ", "µ", "τ", - "Φ", "Θ", "Ω", "δ", "∞", "φ", "ε", "∩", - "≡", "±", "≥", "≤", "⌠", "⌡", "÷", "≈", - "°", "∙", "·", "√", "ⁿ", "²", "■", "¤", + "·", "☺", "☻", "♥", "♦", "♣", "♠", "•", "◘", "○", "◙", "♂", "♀", "♪", "♫", "☼", + "►", "◄", "↕", "‼", "¶", "§", "▬", "↨", "↑", "↓", "→", "←", "∟", "↔", "▲", "▼", + " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", + "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", + "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", + "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "[", "\\", "]", "^", "_", + "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", + "p", "q", "r", "s", 
"t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "⌂", + "Ç", "ü", "é", "â", "ä", "à", "å", "ç", "ê", "ë", "è", "ï", "î", "ì", "Ä", "Å", + "É", "æ", "Æ", "ô", "ö", "ò", "û", "ù", "ÿ", "Ö", "Ü", "¢", "£", "¥", "€", "ƒ", + "á", "í", "ó", "ú", "ñ", "Ñ", "ª", "º", "½", "⅓", "¼", "⅕", "⅙", "⅛", "«", "»", + "░", "▒", "▓", "│", "┤", "╡", "╢", "╖", "╕", "╣", "║", "╗", "╝", "╜", "╛", "┐", + "└", "┴", "┬", "├", "─", "┼", "╞", "╟", "╚", "╔", "╩", "╦", "╠", "═", "╬", "╧", + "╨", "╤", "╥", "╙", "╘", "╒", "╓", "╫", "╪", "┘", "┌", "█", "▄", "▌", "▐", "▀", + "α", "ß", "Γ", "π", "Σ", "σ", "µ", "τ", "Φ", "Θ", "Ω", "δ", "∞", "φ", "ε", "∩", + "⁰", "¹", "²", "³", "⁴", "⁵", "⁶", "⁷", "⁸", "⁹", "ⁱ", "ⁿ", "⁽", "⁼", "⁾", "¤" }; int From 275c282c8b3d8bd19bfe4bc9eabe6d3f915d3efd Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Wed, 27 Jul 2011 15:57:32 -0600 Subject: [PATCH 8/8] fix skipping bug --- hd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hd.c b/hd.c index 25174b1..e9471ef 100644 --- a/hd.c +++ b/hd.c @@ -46,6 +46,8 @@ dump(FILE *f) } p += 16; continue; + } else { + skipping = 0; } printf("%08lx ", (long unsigned int)p);
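Review bot: Nothing in the reflowed `charset` table (hd.c, PATCH 7/8) enforces that it still has 256 entries, yet `dump` indexes it with a raw input byte (`charset[bytes[i]]`), so an entry dropped in an edit like this one would become an out-of-bounds read on high byte values. The new initializer does appear to contain 16 rows of 16, but a compile-time check next to the table would turn a miscount into a build failure, for example `typedef char charset_size_check[(sizeof charset / sizeof charset[0] == 256) ? 1 : -1];`. The declaration line `const char* charset[] = {` is unchanged context in this hunk.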